Enabling BitLocker system-drive encryption on EC2 Windows instances is feasible, but the risks are higher than on physical machines. The key issue is that EC2 typically lacks a traditional TPM, so once the system drive is encrypted, a password must be entered during the boot phase, and the standard console may not provide a reliable channel for typing it in.
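A pre-flight check that makes the risk described above visible before anything is encrypted, written as an added example for this page (not code from the original post). It assumes an elevated PowerShell session on the instance and the standard BitLocker and TrustedPlatformModule cmdlets; no other names are taken from the page.

```powershell
# Added example (not from the original post): report whether a TPM is visible to
# the guest, whether policy permits BitLocker without one, and which protectors the
# OS volume already has, so the operator knows in advance whether enabling
# BitLocker would leave the instance waiting at a pre-boot password prompt.
# Run in an elevated PowerShell session on the EC2 Windows instance itself.

$osDrive = $env:SystemDrive

# 1. Is a TPM exposed to the guest? Without one, BitLocker needs a password or
#    startup-key protector, both of which require interaction before Windows boots.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent) {
    Write-Output "TPM present (ready: $($tpm.TpmReady)); TPM-based protectors are possible."
} else {
    Write-Output "No TPM visible to the guest; a pre-boot password or startup key would be required."
}

# 2. Does policy permit BitLocker without a compatible TPM? This is the
#    'Require additional authentication at startup' setting, stored under the FVE key.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if ($fve -and $fve.EnableBDEWithNoTPM -eq 1) {
    Write-Output "Policy allows BitLocker without a TPM (EnableBDEWithNoTPM = 1)."
} else {
    Write-Output "Policy does not allow BitLocker without a TPM; a password protector on the OS volume would be rejected."
}

# 3. Current state of the OS volume and the key protectors already attached to it.
$vol = Get-BitLockerVolume -MountPoint $osDrive
Write-Output "OS volume $osDrive status: $($vol.VolumeStatus), protection: $($vol.ProtectionStatus)"
foreach ($kp in $vol.KeyProtector) {
    Write-Output "  protector: $($kp.KeyProtectorType) ($($kp.KeyProtectorId))"
}

# 4. An encrypted OS volume with no RecoveryPassword protector is unrecoverable if
#    the boot password is lost or cannot be entered through the console.
$hasRecovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $hasRecovery -and $vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Warning "Encrypted OS volume has no RecoveryPassword protector; escrow a recovery key before relying on it."
}
```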
3/28/26
